Data Protection Policy for NorthLight School
1. The Personal Data Protection Act 2012 (‘PDPA’) establishes a general data protection law in Singapore which governs the collection, use and disclosure of individuals’ personal data by organisations. The PDPA governs the collection, use and disclosure of individuals’ personal data by organisations in a manner that recognises both the right of individuals to protect their personal data and the need of organisations to collect, use and disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances.
2. The purpose of this document is to inform users how NorthLight School (‘the School’) manages Personal Data which is subjected to the Singapore Personal Data Protection Act (2012). This Data Protection Policy supplements but does not supersede nor replace any other consent you may have previously provided to the School.
Data Collected, Usage, Disclosure and Purpose
3. The School collects personal data including (but not limited to):-
a. Staff – personal details, contact information, household information, payroll related information, resume, educational information, performance indicators, attendance, training records, terms of employment details, any relevant medical information and photographs.
b. Student – personal details, contact information, family details, household information, assessment/examination results, attendance, behavior, any relevant medical information and photographs.
c. Others – visitor information, CCTV footage
4. The data is used in order to:-
a. Determine the suitability, eligibility or qualifications for employment, promotion in employment and/or continuance in employment, and any other uses to support the School’s operational needs.
b. Support the education of the students, monitor and report on their progress, provide appropriate personal and social care, make recommendations for awards and bursaries, and assess the performance of the student and the School as a whole, together with any other uses normally associated with this provision in a specialised school environment. The School may make use of limited personal data (such as contact details) relating to students, their parents or guardians to maintain relationships with them.
c. Provide personal data as requested by external auditors for audit purposes.
d. Provide updates on school events
e. Ensure safety, security, conduct investigations and legal compliance, including disclosures as may be allowed or required by law, government ministries, government agencies and organs of state.
5. Data may be shared, as necessary, with third party companies to provide extended services; examples include transport, medical, catering, travel services and online services such as email. In particular, the School may:
a. Make available information to any internal organisation or society set up for the purpose of maintaining contact with staff and students or for administration, fundraising, marketing or promotional purposes relating to the School, e.g. Alumni. The School will remain as the data controller and this policy will govern data usage.
b. Make use of photographs, videos or sound recordings of staff and students in School publications, the School website, social media platforms, and other official School communication channels, as well as in external media.
c. Make personal data, including sensitive personal data, available to internal staff for planning school-related activities, programmes and trips.
d. Retain and use personal data after a staff or student has left employment/graduated to provide references, employment/educational history and alumni services consistent with a specialised school environment.
Consent and Deemed Consent
6. For the purposes of the School’s students (as minors), it is reasonable and accepted that parental/guardian consent is sufficient.
7. By voluntarily providing the School with your personal data, you shall be deemed to consent the School to collect, use and disclose the data for the purpose that you have provided it for. Examples of such situations are staff employment and student enrolment. The School shall also highlight such situations and seek to obtain explicit consent.
Data Security and Retention
8. The School undertakes to:
a. Implement appropriate security measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular when the processing of data involves the transmission or storage on or within a network.
b. Notify data subjects about any accidental or unauthorised access of their data that may lead to damage or harm.
c. Keep the data collected for as long as there is a necessity to provide the services specified or outlined above.
Sharing Data with Third Parties
9. The School shares personal data with a variety of third parties for the purposes of the third party providing a relevant service to the school. Examples of these services include transport, catering, travel services, accommodation and medical.
10. The School will only share data for the purposes of eliciting a necessary service from these third party organisations and not for commercial gain.
11. Where the School signs explicit contracts with these organisations, it will ensure that the organisation is using the data purely for the intended purpose of providing the required service and that it is taking appropriate precautions to safeguard the data.
Contacting Us – Withdrawal of Consent, Access and Correction of your Personal Data
12. You may contact our Data Protection Officer if you have any queries or feedback on our personal data protection policies and procedures, or if you:
a. Have any questions or feedback relating to your Personal Data or our Data Protection Policy;
b. Would like to withdraw your consent to any use of your Personal Data; or
c. Would like to obtain access and make corrections to your Personal Data,
13. Please contact us via email to email@example.com with the subject title ‘PDPA Policy’ and addressed to Data Protection Officer, NorthLight School. You may also write to us at NorthLight School (Attn: Data Protection Officer), 151 Towner Road, Singapore 327830.
Updates on Data Protection Policy
14. As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time.
15. We may amend the terms of this Data Protection Policy at our absolute discretion. Any amended Data Protection Policy will be posted on our website and can be viewed at https://nls.edu.sg/school/data-protection-policy
Last updated 23 May 2019